BUSINESS STRATEGY
– from proactive threat hunting to real-time threat response.
“ Our customers using XIM have automated this entire process. What used to take two-to-three days now takes minutes.”
And in doing so, they’ ve managed to reduce their headcounts – not to eliminate roles, but to reassign personnel to higher-value tasks.“ They no longer need 30 people to monitor alerts, they can operate effectively with 10 to 12,” said Pasha.
Shadow AI and agentic threats: What’ s coming next
Pasha also warns of emerging risks such as Shadow AI – the unauthorised use of GenAI tools by employees – and agentic AI, where models begin taking autonomous actions on behalf of users.
“ Do you block GenAI? Allow it? It’ s not that simple,” he said.“ You need visibility into what’ s being used and governance around how it’ s used.”
To address this, Palo Alto has developed AI Access Security, a solution that allows organisations to monitor which AI tools are in use and what data they interact with.
Finally, he emphasises the importance of AI ethics and transparency, advocating for the establishment of internal AI trust committees and clear accountability from vendors.
“ There should be no black boxes. If a vendor can’ t explain how their AI works or where it’ s applied, that’ s a red flag.”
Conclusion: A winnable arms race
Despite the risks, Pasha remains optimistic. AI may be enabling attackers – but it also offers defenders a way to improve speed, scale and resilience radically.
“ We’ re in an arms race, yes. But it’ s one we can win – if we act strategically,” he said.“ The technology is here. The platforms are here. What’ s needed now is leadership and mindset.”
His advice to CISOs: think long-term; build for autonomy and treat AI not just as a tool, but as a foundational layer of modern security architecture.“ This isn’ t about reacting to what attackers do next, it’ s about being three steps ahead,” he concluded. x
Palo Alto Networks’ Chief Security Officer for EMEA and LATAM, Haider Pasha
But the bigger question lies ahead: what happens when AI models start making decisions?
“ Agentic AI is different from LLMs. It doesn’ t just give you answers – it acts on your behalf,” Pasha said.“ If that model is compromised, it can cause real damage very quickly.”
A new cybersecurity mandate: Policy, training and trust
Beyond technology, Pasha calls on CISOs to prioritise policy, training and trust.
“ The first thing I tell CISOs: have a clear AI policy. What do you allow? What don’ t you? And is everyone in the organisation aware of the boundaries?”
He also urges teams to build internal AI skills, including the ability to develop and apply Machine Learning models to real-world use cases. Palo Alto’ s XSIAM platform, for instance, allows users to import their own ML models – tailored to their threat environment.“ Security teams must understand AI – not just use it. They need to know how it works and where it applies.”
www. intelligentcxo. com
27